Dr. InfoSec's Quotes of the Week (003)

Sunday, July 11, 2010

Christophe Veltsos


Intel CISO

"The biggest vulnerability we face today and the future is not the thing that the technical security person would think of, like a botnet or technical flaw, but the misperception of risk. ... Today, those threat vectors are so subtle, you don't know that something's gotten installed on your computer. Because the incentive for the intruder is to not make you aware of it." -- Malcolm Harkins, CISO & General Manager of Enterprise Capabilities for Intel Corp

Smart-Grid Privacy

"We, Siemens, have the technology to record it (energy consumption) every minute, second, microsecond, more or less live. From that we can infer how many people are in the house, what they do, whether they're upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data. We think the regulator needs to send a strong signal to say that the data belongs to consumers and consumers alone. We believe that's a blocker to people adopting the technology." -- Martin Pollock of Siemens Energy

Pity the modern CIO

"Pity the modern CIO who is forced to cut costs, upgrade critical infrastructure and somehow support and secure a myriad of consumer devices that have become as common as paperclips and Post-It notes in the workplace." -- David Needle, West Coast bureau chief at InternetNews.com

On Passwords

"Fidelity doesn't pay when it comes to passwords – the most important passwords should be changed every three months. -- Dieter Kempf, a member of the presiding committee of Germany's Bitkom industry association

McGraw's Advice to Programmers

"It is a myth that you have to have source code to exploit vulnerabilities. You (software developers) need to realize that your software is out there, and you are giving your attacker everything they need to exploit it." -- Gary McGraw, CTO of Cigital


Cross-posted from Dr. Infosec


Possibly Related Articles:
Security Awareness
Security Awareness Security Management
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.